[Solved] - AntiSpamBots fix

xgonin
  Posted: 06-07-2006 23:50

Hello everyone!

I took the liberty of correcting Neo_machine's hack, which was missing the security check when replying to an existing topic, even in an admin session, through the call to the replyH.php file.

Here is the code of this corrected file; feel free to analyze it and tell me whether the corrections are right or not (Neo has been notified of this correction by PM).

Code:


Message edited by: xgonin / 07-07-2006 00:50
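
The gap this post describes, an anti-bot check enforced on one posting path but missing from the reply handler, is avoided structurally when every write action passes through one shared gate. The sketch below is an added example, not part of the original post and not NPDS or AntiSpamBots code; the `BotChallenge` class, the `handle_write` function, the `anti_spam_answer` field and the arithmetic question are all assumptions made for illustration.

```php
<?php
// Added illustration; not NPDS or AntiSpamBots code. All names are hypothetical.

final class BotChallenge
{
    /** Create a question and remember the expected answer server-side. */
    public static function issue(array &$session): string
    {
        $a = random_int(1, 9);
        $b = random_int(1, 9);
        $session['bot_answer'] = (string) ($a + $b);
        return "What is $a + $b?";
    }

    /** Check the submitted answer; the stored answer is consumed either way. */
    public static function verify(array &$session, ?string $answer): bool
    {
        $expected = $session['bot_answer'] ?? null;
        unset($session['bot_answer']);   // single use: a solved form cannot be replayed
        return is_string($expected) && is_string($answer)
            && hash_equals($expected, trim($answer));
    }
}

/**
 * Single entry point for every action that writes to the forum.
 * Handlers are only reachable through this function, so a second
 * reply script cannot skip the check simply because nobody added it there.
 */
function handle_write(string $action, array $input, array &$session, array $handlers): string
{
    if (!isset($handlers[$action])) {
        return 'unknown action';
    }
    if (!BotChallenge::verify($session, $input['anti_spam_answer'] ?? null)) {
        return 'challenge failed';       // stop before any database work
    }
    return $handlers[$action]($input);
}

// Constructed handlers standing in for the "new topic" and "reply" scripts.
$handlers = [
    'new_topic' => fn(array $in): string => 'topic stored',
    'reply'     => fn(array $in): string => 'reply stored',
];

// Constructed walk-through, using an array in place of the PHP session.
$session = [];
BotChallenge::issue($session);
$good = $session['bot_answer'];          // what a human reading the question would type

// First submit with the right answer, then the same answer replayed.
echo handle_write('reply', ['anti_spam_answer' => $good], $session, $handlers), "\n";
echo handle_write('reply', ['anti_spam_answer' => $good], $session, $handlers), "\n";

// A fresh challenge, but the request carries no answer field at all.
BotChallenge::issue($session);
echo handle_write('reply', [], $session, $handlers), "\n";
```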


xgonin
  Posted: 07-07-2006 01:09

Forget the first post, it's a complete mess!
I can't even re-edit it.

Here is the right code:

xgonin
  Posted: 07-07-2006 01:11



<?PHP
/************************************************************************/
/* NPDS V : Net Portal Dynamic System .                                 */
/* ===========================                                          */
/*                                                                      */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve)   */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This version name NPDS Copyright (c) 2001-2004                       */
/* Great mods by snipe                                                  */
/*                                                                      */
/* =========================                                            */
/* Based on Parts of phpBB                                              */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
if (!function_exists("Mysql_Connexion")) {include ("mainfile.php");}
include('functions.php');
// ##### ==> AntiSpamBots
include ("antispambots.php");
// ##### ==> AntiSpamBots
if ($SuperCache) {
   $cache_obj = new cacheManager();
}
include('auth.php');
global $pdst; $pdst="0";
if ($cancel) {
   header("Location: viewtopic.php?topic=$topic&forum=$forum");
   exit; // header() alone does not stop the script
}

$rowQ1=Q_Select ("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);
if (!$rowQ1)
   forumerror('0001');
list(,$myrow) = each($rowQ1);
$forum_name = $myrow[forum_name];
$forum_access = $myrow[forum_access];
$forum_type=$myrow[forum_type];
$mod=$myrow[forum_moderator];

if ( ($forum_type == 1) and ($Forum_passwd != $myrow[forum_pass]) ) {
   header("Location: forum.php");
   exit; // without this, the post below is still processed after the redirect
}
if ($forum_access==9) {
   header("Location: forum.php");
   exit;
}
if (is_locked($topic)) {
   forumerror('0025');
}
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
   forumerror('0026');
}

if ($submitS) {
// ##### ==> AntiSpamBots
   global $question, $anti_spam_bots, $redir;
   AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots
   if ($message=='') $stop=1;
   if (!$user) {
      if ($forum_access==0) {
         $userdata = array("uid" => 1);
         include("header.php");
      } else {
         if (($username=="") or ($password=="")) {
            forumerror('0027');
         } else {
            $result = mysql_query("select pass FROM users WHERE uname='$username'");
            list($pass) = mysql_fetch_row($result);
            if (!$system) {
               $passwd=crypt($password,$pass);
            } else {
               $passwd=$password;
            }
            if ((strcmp($passwd,$pass)==0) and ($pass != "")) {
               $userdata = get_userdata($username);
               include("header.php");
            } else {
               forumerror('0028');
            }
            $modo=user_is_moderator($username,$pass,$forum_access);
            if ($forum_access==2) {
               if (!$modo)
                  forumerror('0027');
            }
         }
      }
   } else {
      $userX = base64_decode($user);
      $userdata = explode(":", $userX);
      $modo=user_is_moderator($userdata[0],$userdata[2],$forum_access);
      if ($forum_access==2) {
         if (!$modo)
            forumerror('0027');
      }
      $userdata = get_userdata($userdata[1]);
      include("header.php");
   }

   // Either valid user/pass, or valid session. continue with post.
   if ($stop != 1) {
      $poster_ip = getip();
      if ($dns_verif)
         $hostname=@gethostbyaddr($poster_ip);

      anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);

      if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);
      if ($sig && $userdata[uid] != 1) $message .= " [addsig]";
      if (($forum_type!="6") and ($forum_type!="5")) {
         $message = aff_code($message);
         $message = str_replace("\n", "<br />", $message);
      }
      if (($allow_bbcode==1) and ($forum_type!="6") and ($forum_type!="5")) {
         $message = smile($message);
      }
      if (($forum_type!="6") and ($forum_type!="5")){
         $message = make_clickable($message);
         $message = removeHack($message);
      }
      $image_subject=removeHack($image_subject);
      $message = addslashes($message);
      $time = date("Y-m-d H:i:s",time()+($gmt*3600));
      $sql = "INSERT INTO posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname')";
      if (!$result = mysql_query($sql)) {
         forumerror('0020');
      } else {
         $IdPost=mysql_insert_id();
      }
      $sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";
      if (!$result = mysql_query($sql)) {
         forumerror('0020');
      }
      $sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";
      if (!$r = mysql_query($sql)) {
         forumerror('0001');
      }

      $sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";
      $result = mysql_query($sql);
      if (!$result) {
         forumerror('0029');
      }
      $sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";
      if (!$result = mysql_query($sql)) {
         forumerror('0022');
      }
      $m = mysql_fetch_array($result);
      if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {
         include_once("language/lang-multi.php");
         $resultZ=mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");
         list($title_topic)=mysql_fetch_row($resultZ);
         $subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentaire a été posté.");
         $message = $m[uname]."\r\n";
         $message .= translate_ml($m[user_langue], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";
         $message .= translate_ml($m[user_langue], "Pour lire la réponse")." : ";
         $message .= "$nuke_url/viewtopic.php?topic=$topic&forum=$forum&start=9999\r\n";
         include("signat.php");
         if (!$system) {
            send_email($m[email], $subject, $message, "", true, "text");
            $sauf=$m[uid];
         }
      }
      global $subscribe;
      if ($subscribe) {
         if (subscribe_query($userdata[uid],"forum",$forum)) {
            $sauf=$userdata[uid];
         }
         subscribe_mail("forum",$topic,$forum,"",$sauf);
      }
      if ($upload) {
         include("modules/upload/upload_forum.php");
         win_upload("forum_npds",$IdPost,$forum,$topic,"win");
         redirect_url("viewtopic.php?forum=$forum&topic=$topic&start=9999");
         die();
      }
      redirect_url("viewforum.php?forum=$forum");
   } else {
      OpenTable();
      echo "<p align=\"center\">".translate("You must type a message to post.")."<br /><br />";
      echo "[ <a href=\"javascript:history.go(-1)\" class=\"NOIR\">".translate("Go Back")."</a> ]</p>";
      CloseTable();
   }
} else {
   include('header.php');
   if ($allow_bbcode==1) {
      include("lib/formhelp.java.php");
   }

   list($topic_title, $topic_status) = mysql_fetch_array(mysql_query("select topic_title, topic_status from forumtopics where topic_id='$topic'"));
   $userX = base64_decode($user);
   $userdata = explode(":", $userX);
   $moderator = get_moderator($mod);
   $moderator=explode(" ",$moderator);
   $Mmod=false;
   echo "<table width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\"><tr><td class=\"HEADER\">\n";
   echo "<b>".translate("Moderated By: ")."</b>";
   for ($i = 0; $i < count($moderator); $i++) {
      echo "<a href=user.php?op=userinfo&amp;uname=$moderator[$i] class=\"BOX\">$moderator[$i]</a> ";
      if (($userdata[1]==$moderator[$i])) { $Mmod=true;}
   }
   echo "</td></tr></table><br />";
   echo "<b>".translate("Post Reply in Topic:")."</b>";
   echo "&nbsp;<a href=\"viewforum.php?forum=$forum\" class=\"NOIR\">".stripslashes($forum_name)."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";
   echo "<a href=\"forum.php\" class=\"NOIR\">".translate("Forum Index")."</a>\n";
   echo "<br />";
   echo "<form action=\"reply.php\" method=\"post\" name=\"coolsus\">";
   echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";
   echo "<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\">".translate("About Posting:")."</td></tr><tr>";
   if ($forum_access == 0) {
      echo "<td colspan=\"2\">".translate("Anonymous users can post new topics and replies in this forum.")."</td>";
   } else if($forum_access == 1) {
      echo "<td colspan=\"2\">".translate("All registered users can post new topics and replies to this forum.")."</td>";
   } else if($forum_access == 2) {
      echo "<td colspan=\"2\">".translate("Only Moderators can post new topics and replies in this forum.")."</td>";
   }
   echo "</tr>";
   $allow_to_reply=false;
   if ($forum_access==0) {
      $allow_to_reply=true;
   } elseif ($forum_access==1) {
      if (isset($user)) {
         $allow_to_reply=true;
      }
   } elseif ($forum_access==2) {
      if (user_is_moderator($userdata[0],$userdata[2],$forum_access)) {
         $allow_to_reply=true;
      }
   }

xgonin
  Posted: 07-07-2006 01:12

And the rest...



   if ($topic_status!=0)

      $allow_to_reply=false;



   if ($allow_to_reply) {

     if ($submitP) {

// ##### ==> AntiSpamBots

      global $question, $anti_spam_bots, $redir;

      AntiSpamBots::reponse($question, $anti_spam_bots);

// ##### ==> AntiSpamBots

        $acc = "reply";

        $message=stripslashes($messag e);

        echo "<tr><td colspan=\"2\">";

        !include! ("preview.php");

        echo "</td></tr>";

     } else {

        $message='';

     }

     echo "<tr align=\"left\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Nickname: ")."<b></td>";

     echo "<td class=\"LIGNB\">";

     echo $userdata[1];

     echo "</td></tr>";

     if ($smilies) {

        echo "<tr align=\"left\" valign=\"top\">

        <td class=\"LIGNB\" width=\"25%\"><b>".translate("Message Icon: ")."<b></td>

        <td class=\"LIGNB\">";

        echo emotion_add($image_subject);

        echo "</td></tr>";

     }

     echo "<tr align=\"left\" valign=\"top\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message: ")."</b><br /><br />";

     echo "<span style=\"font-size: 10px;\">";

     echo "HTML : ";

     if ($allow_html==1) {

        echo translate("On")."<br />";

        echo HTML_Add($allow_forum_hide);

     } else

        echo translate("Off")."<br />";

     if ($citation && !$submitP) {

        $sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$post' AND p.poster_id = u.uid";

        if ($r = mysql_query($sql)) {

           $m = mysql_fetch_array($r);

           $text = $m[post_text];

           if (($forum_type!="6") and ($forum_type!="5")) {

              ; $text = smile($text);

              ; $text = str_replace("<br />", "\n", $text);

           } else {

              ; $text = htmlspecialchars($text);

           }

           $text = stripslashes($text);

           if ($m[post_time]!="" && $m[uname]!="") {

              ; $reply = "<div class=\"QUOTE\">".translate("Quote")." : <b>$m[uname]</b>&nbsp;\n\n$text&nbsp;\n</div>";

           } else {

              ; $reply = $text."\n";

           }

           $reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si","",$reply);

        } else {

           $reply = translate("Error Connecting to DB")."\n";

        }

     }

     if (!$reply) {$reply=$message;}

     echo "</span></td>";

     if ($allow_bbcode==1)

        $xJava = 'name="message" onSelect="storeCaret(this);" !onclick!="storeCaret(this);" !onkey!up="storeCaret(this);" !onfocus!="storeForm(this)"';

     echo "<td class=\"LIGNB\"><textarea class=\"textbox\" $xJava name=\"message\" rows=\"10\" cols=\"80\" wrap=\"virtual\">$reply</textarea><br />";

     if ($allow_bbcode == 1)

        putitems();

     echo "</td></tr><tr align=\"left\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Options: ")."</b></td>";

     echo "<td class=\"LIGNB\">";

     if (($allow_html == 1) and ($forum_type!="6") and ($forum_type!="5")) {

        if ($html == "on") {

           $sethtml = "checked";

        }

        echo "<input type=\"checkbox\" name=\"html\" ".$sethtml.">".translate("Disable HTML on this Post")."<br />";

     }

     if ($user) {

        if ($allow_sig == 1||$sig == "on") {

           $asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");

           list($attac hsig) = mysql_fetch_row($asig);

           if ($attachsig == 1) {

              ; $s = "checked";

           }

           if (($forum_type!="6") and ($forum_type!="5")) {

              ; echo "<input type=\"checkbox\" name=\"sig\" $s>".translate("Show signature")." <span style=\"font-size: 10px;\">(".translate("This can be altered or added in your profile").")</span><br />";

           }

        }

        if ($allow_upload_forum) {

           if ($upload == "on") {

              ; $up = "checked";

           } &nbs p;              ; 

           echo "<input type=\"checkbox\" name=\"upload\" $up>".translate("Upload file after send accepted")."<br />";

        }

     }

     echo "</td></tr><tr>";

     echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">";

     echo "<input type=\"hidden\" name=\"forum\" value=$forum>";

     echo "<input type=\"hidden\" name=\"topic\" value=\"$topic\">";

// ##### ==> AntiSpamBots

     AntiSpamBots::question();

     AntiSpamBots::field();

// ##### ==> AntiSpamBots

     echo "<br /><input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitS\" value=\"".translate("Submit")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitP\" value=\"".translate("Preview")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"reset\" value=\"".translate("Clear")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"cancel\" value=\"".translate("Cancel Post")."\"><br /><br />";

     echo "</td></tr>";

   } else {

     echo "<tr>";

     echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">".translate("You are not allowed to reply in this forum")."</td>";

     echo "</tr>";

   }

   echo "</table></form>";

   if ($allow_to_reply) {

      echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";

      echo "<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\" align=\"center\">".translate("Topic Review")."</td></tr>";

      if ($Mmod) {

         $post_aff="";

      } else {

         $post_aff=" and post_aff='1' ";

      }

      $sql = "SELECT * FROM posts WHERE topic_id='$topic'".$post_aff."ORDER BY post_id DESC limit 0,10";

      if (!$result = mysql_query($sql))

         forumerror('0001');

      $myrow = mysql_fetch_array($result);

      $count=0;

      do {

         $rowcolor=tablos();

         $posterdata = get_userdata_from_id($myrow[poster_id]);

         echo "<tr $rowcolor align=\"left\">";

         echo "<td valign=\"top\" width=\"15%\">";

         if ($posterdata[uname]!=$anonymous) {

            echo "<a href=\"powerpack.php?op=instant_message&amp;to_userid=$posterdata[uname]\" class=\"NOIR\">$posterdata[uname]</a>";

         } else {

            echo $posterdata[uname];

         }

         echo "<br />";

         $posts = $posterdata[posts];

         echo member_qualif($posterdata[uname], $posts, $posterdata[rank]);

         echo "<br /><br />";

         if ($smilies) {

            if ($posterdata[user_avatar] != '') {

               if (stristr($posterdata[user_avatar],"users_private")) {

                  $imgtmp=$posterdata[user_avatar];

               } else {

                  if ($ibid=theme_image("forum/avatar/$posterdata[user_avatar]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/avatar/$posterdata[user_avatar]";}

               }

               echo "<div class=\"avatar_cadre\"><img src=\"".$imgtmp."\" alt=\"".$posterdata[uname]."\" border=\"0\" /></div>";

            }

         }



         echo "</td><td wrap valign=\"top\">";

         echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" height=\"100%\">";

         echo "<tr><td wrap valign=\"top\" width=\"100%\" height=\"100%\">";



         if ($myrow[image] != "") {

            if ($ibid=theme_image("forum/subject/$myrow[image]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/subject/$myrow[image]";}

            echo "<img src=\"$imgtmp\" alt=\"\">";

         } else {

            if ($ibid=theme_image("forum/subject/icons/posticon.gif")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/icons/posticon.gif";}

            echo "<img src=\"$imgtmp\" border=\"0\" alt=\"\" />";

         }

         echo "&nbsp;".translate("Posted: ").convertdate($myrow[post_time]);

         echo "<hr noshade size=\"1\" class=\"ONGL\">";

         $message = stripslashes($myrow[post_text]);

         if ($allow_bbcode==1) {

            $message = Smilie($message);

         }

         if ($allow_forum_hide) {

            $show_hide = false;

            if ($Mmod!=true) {

               $sqlH = "Select count(*) from posts where topic_id = $topic and poster_id = $userdata[0]";

               $resultH = @mysql_result(@mysql_query($sqlH),0,0);

               if ($resultH>0) {

                  $show_hide = true;

               }

            } else {

               $show_hide = true;

            }

            $message = control_hide_post($message,$show_hide);

         }

         // <A href in the message

         if (stristr($message,"<a href")) {

            $message=eregi_replace("_blank\"", "_blank\" class=\"NOIR\"", $message);

         }

         $message=split_string_without_space($message, 80);

         if (($forum_type=="6") or ($forum_type=="5")) {

            highlight_string(stripslashes($myrow[post_text]))."<br /><br />";

         } else {

            $message = str_replace("[addsig]", "<br /><br />" . nl2br($posterdata[user_sig]), $message);

            echo $message."<br />";

         }

         echo "</td></tr></table>";

         echo "</td></tr>";

         $count++;

      } while($myrow = mysql_fetch_array($result));

      echo "</table>";

   }

}

include('footer.php');

?>

